CompTIA Security+ (SY0-701) — Question 153

A security analyst receives alerts about an internal system sending a large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours. Which of the following is most likely occurring?

Answer options

• A. A worm is propagating across the network.
• B. Data is being exfiltrated.
• C. A logic bomb is deleting data.
• D. Ransomware is encrypting files.

Correct answer: B

Explanation

The most likely scenario is that data is being exfiltrated, as unusual DNS queries can indicate attempts to send data outside the network. The other options, while they represent potential security threats, do not align with the specific behavior of generating excessive DNS queries during non-business hours.